third_party/linux: enable landlock at boot time Required by a customer workload. Also likely to be used by our own OS components in the future. Change-Id: I7ddb2fadba483fd3c4aabecdce45c37679fca6c9 Reviewed-on: https://review.monogon.dev/c/monogon/+/3296 Tested-by: Jenkins CI Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

commit: 1c42c42ff6621c44cdc3da39b066e4fc270105ef [log] [tgz]
author: Leopold Schabel <leo@monogon.tech> Thu Aug 01 15:41:54 2024 +0000
committer: Leopold Schabel <leo@monogon.tech> Tue Aug 06 09:13:31 2024 +0000
tree: d72618e3c8872b1577fd9ba6c323e0c1e43789d7
parent: 0b9276519a7475c3a341f78d83ca8d18cec3b38a [diff]
diff --git a/third_party/linux/linux-metropolis.config b/third_party/linux/linux-metropolis.config
index 578e955..4888f05 100644
--- a/third_party/linux/linux-metropolis.config
+++ b/third_party/linux/linux-metropolis.config

@@ -4146,7 +4146,7 @@
 CONFIG_EVM_ATTR_FSUUID=y
 # CONFIG_EVM_ADD_XATTRS is not set
 CONFIG_DEFAULT_SECURITY_DAC=y
-CONFIG_LSM="lockdown,yama,loadpin,safesetid,integrity"
+CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity"
 
 #
 # Kernel hardening options
commit	1c42c42ff6621c44cdc3da39b066e4fc270105ef	[log] [tgz]
author	Leopold Schabel <leo@monogon.tech>	Thu Aug 01 15:41:54 2024 +0000
committer	Leopold Schabel <leo@monogon.tech>	Tue Aug 06 09:13:31 2024 +0000
tree	d72618e3c8872b1577fd9ba6c323e0c1e43789d7
parent	0b9276519a7475c3a341f78d83ca8d18cec3b38a [diff]